From the Listening Post… 03/12/2010 (a.m.)

Last week, the Obama administration’s most senior official with responsibility for the internet and cyberspace made a significant intervention in the increasingly hysterical US debate over cyberwar.

McConnell proposed that the internet effectively be re-engineered to serve US national security interests. He went on to suggest that success in the Cold War would serve as a template for victory in the current cyberwar.

Schmidt debunked this flawed analogical reasoning, calling it both “a terrible metaphor” and “a terrible concept”. Moreover, “there are no winners in that environment”, he said.

In a media space in which the US public has consistently been told that cyberwar is an existential threat to American society, this marks a significant change in discourse.

Nevertheless, Schmidt’s words are a welcome bulwark, temporarily at least, against an institutional tendency to portray the internet as a high-risk environment that demands immediate and drastic action. Schmidt is right to say that there are real issues of e-crime and cyber-espionage that need to be addressed, but claims that the US is on a war footing in cyberspace are overblown and inaccurate.

The government is seeking to quell what it claims are reactionary press reports branding network intrusions by hackers as “cyber attacks”.

Government officials say they are concerned that the use of the word ‘attack’ for any sort of hack has led the media to conflate network intrusion attempts with acts of cyber war.

“Most of what people refer to as ‘attacks’ are the exfiltration of data, which is theft or espionage,” he said. “I haven’t seen any reports of attack. Everyone always reports an attack. In most cases it is not an attack, its theft and crime, its stealing data.”

Cyber military commanders on both sides of the Atlantic told Computer Weekly they were unable to quantify the cyber threat or cite any examples of known state-led cyber attacks on their countries, though they admitted that unknown intruders were regularly breaking into their networks.

words matter when it comes to describing risks and threats, and they frame the debates thus engendered. Crucially, of course, they help shape the responses of politicians and practitioners tackling the situations in which they find themselves.

This is not a particularly controversial stance and I find myself a bit baffled why some people might find it odd that I think declaring a de facto cyberwar against Russia and China, amongst others, might not be a particularly useful line to take.

it’s very encouraging that the senior US cybersecurity administrator is making it clear that cybersecurity measures should not be predicated on the incorrect assumption that the US is on a war footing in cyberspace; it’s not. There are live issues of espionage and crime, as Schmidt points out, but a dishonest appeal to fears of persistent military threat is not a sound basis for good policy, domestic or foreign.

I’m so tired of this constant back and forth bullshit over whether or not cyber war exists. It’s just a term, for better or for worse, that members of the public recognize. Whether or not the term has merit is not the point. I’ve repeatedly said that cyber war doesn’t exist even though I wrote a book that uses the phrase in the title.

What needs to be discussed is not the term “cyber war”, but what the term represents

arguing about what we call this issue shoud be at the very bottom of the list of things that need to be done right now.